๐ŸŽ New User? Get 20% off your first purchase with code NEWUSER20 ยท โšก Instant download ยท ๐Ÿ”’ Secure checkout Register Now โ†’
Menu

Categories

Security Intermediate

What is RBAC (Role-Based Access Control)?

An access control model where permissions are assigned to roles, and users are assigned to roles rather than getting permissions directly.

RBAC simplifies permission management. Instead of assigning 50 permissions to each of 100 users, you create roles (Admin, Editor, Viewer) with appropriate permissions and assign users to roles. Changing a role's permissions updates access for every user who holds that role.

RBAC supports role hierarchies (Admin inherits Editor permissions), separation of duties (no single role has all power), and audit compliance. Most applications implement RBAC, including database systems, cloud platforms (AWS IAM roles), and web frameworks.
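
A minimal model of the ideas above, as an added example that is not part of the original page: roles carry permissions, a hierarchy lets Admin inherit Editor and Viewer permissions, and separation of duties is modelled here as pairs of roles one user may not hold together. The role names, permission strings and the payment roles are assumptions made for illustration.

```python
# Constructed sample data: role names and permission strings are illustrative only.
ROLE_PERMS = {
    "viewer": {"doc:read"},
    "editor": {"doc:write"},
    "admin": {"user:manage"},
    "payment_requester": {"payment:create"},
    "payment_approver": {"payment:approve"},
}
# Hierarchy: each role inherits everything its parent roles grant.
ROLE_PARENTS = {"editor": {"viewer"}, "admin": {"editor"}}
# Separation of duties (assumed form): role sets one user must never hold together.
SOD_CONFLICTS = [{"payment_requester", "payment_approver"}]


def effective_permissions(role, _seen=None):
    """Return a role's own plus inherited permissions, tolerating hierarchy cycles."""
    seen = _seen if _seen is not None else set()
    if role in seen or role not in ROLE_PERMS:
        return set()  # already visited or unknown role: grants nothing more
    seen.add(role)
    perms = set(ROLE_PERMS[role])
    for parent in ROLE_PARENTS.get(role, ()):
        perms |= effective_permissions(parent, seen)
    return perms


def assign_role(user_roles, user, role):
    """Assign a role, refusing unknown roles and separation-of-duties conflicts."""
    if role not in ROLE_PERMS:
        raise ValueError(f"unknown role: {role}")
    proposed = user_roles.get(user, set()) | {role}
    for conflict in SOD_CONFLICTS:
        if conflict <= proposed:
            raise PermissionError(f"{user}: roles {sorted(conflict)} conflict")
    user_roles[user] = proposed


def is_allowed(user_roles, user, permission):
    """Deny by default: allowed only if an assigned role grants the permission."""
    return any(permission in effective_permissions(r)
               for r in user_roles.get(user, ()))
```

Because permissions are resolved through the role at check time, adding a permission to `viewer` takes effect for every user holding `viewer`, `editor` or `admin` without touching any user record.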

Related Terms

SAST (Static Application Security Testing)
Automated analysis of source code to find security vulnerabilities without executing the application.
Encryption
The process of converting readable data into an unreadable format using algorithms, reversible only with the correct key.
Security Audit
A systematic examination of an information system to assess compliance with security policies, identify vulnerabilities, and verify controls.
PKI (Public Key Infrastructure)
A framework of policies, hardware, and software for creating, managing, distributing, and revoking digital certificates.
Hashing
A one-way function that converts input data into a fixed-size string of characters, used for data integrity and password storage.
DAST (Dynamic Application Security Testing)
Testing a running application from the outside by sending malicious requests to discover security vulnerabilities.